From e38f2ac72157efe5e7d70450dbba26fc7a5c61f0 Mon Sep 17 00:00:00 2001
From: doublez13
Date: Sat, 11 May 2024 14:52:59 -0600
Subject: [PATCH] Create editor abstraction

I'm counting seven profiles that have a child profile named "editor" that all include roughly the same boiler plate policies. Let's abstract it out.
---
apparmor.d/abstractions/editor | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 apparmor.d/abstractions/editor

diff --git a/apparmor.d/abstractions/editor b/apparmor.d/abstractions/editor
new file mode 100644
index 00000000..a7086eed
--- /dev/null
+++ b/apparmor.d/abstractions/editor
@@ -0,0 +1,29 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Zane Zakraisek
+# SPDX-License-Identifier: GPL-2.0-only
+
+ include
+ include
+
+ @{bin}/sensible-editor mr,
+ @{bin}/vim mrix,
+ @{bin}/vim.* mrix,
+ @{sh_path} rix,
+ @{bin}/which{,.debianutils} rix,
+
+ /usr/share/vim/{,**} r,
+ /usr/share/terminfo/** r,
+
+ /etc/vimrc r,
+ /etc/vim/{,**} r,
+
+ owner @{HOME}/.selected_editor r,
+ owner @{HOME}/.viminfo{,.tmp} rw,
+ owner @{HOME}/.vimrc r,
+
+ # Vim swap file
+ owner @{HOME}/ r,
+ owner @{user_cache_dirs}/ r,
+ owner @{user_cache_dirs}/vim/** wr,
+
+ include if exists
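Review bot: The abstraction grants `@{sh_path} rix` next to `@{bin}/vim mrix`, so any profile that includes it also permits a shell running under that same profile, and nothing in the file says so. Because both execs inherit the current confinement, every rule an including `editor` child adds is equally usable from that shell; a header comment would make this visible to profile authors, e.g. `# NOTE: vim and the shell are executed with ix; rules added by the including profile apply to both.` The permission order `wr` on `@{user_cache_dirs}/vim/**` is the only one written that way in the file, and `rw` would match the `.viminfo` rule. The targets of the three `include` lines are not visible on this page, so they are not covered by this review.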